How Does VPN Encryption Work?


Most people know that a Virtual Private Network (VPN) is one of the main tools for keeping your online activity private. But how does a VPN actually stop prying eyes from reading your traffic? The secret sauce is encryption: it turns your data into something unreadable to anyone who does not hold the key.

It is what lets you browse, shop or bank over a network you don't control without having your information read in transit. And with cyber threats on the rise, a VPN is a worthwhile layer of protection whether you work remotely or browse in your personal time.

So how does the encryption work? Let’s get into what happens from the moment you click to connect your VPN.

 

Why Do Users Need Encryption?

 

Security wasn't really a concern in the early days of the Internet, certainly not as it is today, with almost 50% of UK businesses being targeted in cyber attacks. So in the past, most Internet traffic was sent as plaintext, meaning anyone on the path between sender and receiver could read it.

That is no longer acceptable in today's digital landscape, because traffic crosses many networks you don't control and any of them could intercept it. When confidential information is involved, it's simply not worth the risk.

Instead, the traffic is encrypted. An algorithm and an encryption key work together to convert the plaintext into ciphertext, a form that looks like random bytes. Anyone who intercepts the traffic after this step sees only a jumbled mess that reveals nothing about the content.

The reverse process is decryption: with the correct key, the ciphertext is converted back into readable plaintext. Without that key, it stays unreadable.

 

The Encryption Tunnel

 

VPNs don't just encrypt your data; they also create a secure tunnel for it. Think of this passage as a link between your device and the VPN server.

When traffic leaves your device, it is encrypted and enters the tunnel. It stays inside the tunnel as it crosses the public Internet until it reaches the VPN server, which is where the tunnel ends. The server decrypts the traffic and forwards it to its final destination, so from that point on it is only as protected as the application protocol itself (for example, HTTPS to the website).

Nobody on the path between you and the VPN server, not even your Internet Service Provider (ISP), can see what that data is. They can still see that you are talking to the VPN server, and roughly how much. The VPN provider, which operates the other end of the tunnel, can see the decrypted traffic, so a VPN shifts trust from your ISP to the provider rather than removing the need for trust altogether.

 

 

Cryptography 101: The Algorithms Behind The Lock

 

VPNs rely heavily on encryption algorithms. These fall into two categories of key-based encryption, which work together.

 

Symmetric-Key Encryption

 

Symmetric encryption is fast and suited to encrypting large amounts of data, which is why it handles the bulk of the traffic. It uses the same key to encrypt the plaintext and to decrypt the ciphertext, so both ends of the tunnel must hold that key and nobody else may.

Most VPNs use the Advanced Encryption Standard (AES), typically with a 256-bit key (some protocols, such as WireGuard, use ChaCha20-Poly1305 instead). A 256-bit key has 2^256 possible values, a key space so large that guessing the key by brute force is out of reach for any computer, supercomputers included. In practice AES is used in an authenticated mode such as GCM, which also detects any tampering with the ciphertext rather than silently decrypting it to garbage.

 

Asymmetric-Key Encryption

 

The role of asymmetric encryption is to establish the symmetric key securely and to prove that the server is who it claims to be. It uses a pair of keys: a public key and a private key. The public key can be shared with everyone; it is used to encrypt data for the key's owner, or to verify signatures the owner has made.

The private key, on the other hand, stays confidential and is used to decrypt that data, or to create those signatures.

Because it is far slower than symmetric encryption, it is not used to encrypt the actual browsing data; it only protects the handshake that sets up the session.

 

The Link Between The Two

 

When you connect, your device and the VPN server first agree on which algorithms to use for the session, usually AES for the bulk data. The server then presents a digital certificate containing its public key so that your device can verify it is talking to the genuine server and not an impostor.

The session key is not simply encrypted with that public key and sent across, however. Modern VPN protocols (OpenVPN's TLS control channel, IKEv2/IPsec and WireGuard) use a Diffie-Hellman key exchange instead. Each side generates a fresh, one-time (ephemeral) key pair for this connection and sends the public half to the other. The server signs its contribution with its long-term private key, and your device checks that signature against the certificate. Each side then combines its own ephemeral private key with the other side's ephemeral public key, which yields the same shared secret on both ends, and the symmetric session keys are derived from it.

Because the ephemeral keys are discarded once the session ends, the session keys are unique to every VPN connection and cannot be recomputed afterwards. This property is called forward secrecy: even an attacker who later obtains the server's long-term private key cannot decrypt recordings of past sessions, because that key only signed the handshake and never protected the session key itself. The guarantee depends on the ephemeral exchange; if the session key had instead been encrypted under the server's public key, a stolen private key would unlock every recorded session.
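The handshake described in this section, as an added example in Go rather than code from the article or from any VPN implementation. It uses the standard library only: an Ed25519 identity key stands in for the server's certificate, X25519 provides the ephemeral Diffie-Hellman exchange, and a single SHA-256 over the shared secret and the transcript stands in for the HKDF a real protocol would use. The message names (Hello, Respond, Finish) and the transcript layout are this example's own simplifications, not any particular protocol's wire format.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// deriveKey turns the raw Diffie-Hellman output into a 256-bit session key bound
// to the handshake transcript. Real protocols use HKDF here; one hash keeps the demo short.
func deriveKey(shared, transcript []byte) []byte {
	k := sha256.Sum256(append(append([]byte{}, shared...), transcript...))
	return k[:]
}

// Server keeps only a long-term Ed25519 identity key (the key a certificate would
// carry). It signs the handshake; it is never used to encrypt a session key.
type Server struct {
	IdentityPub  ed25519.PublicKey
	identityPriv ed25519.PrivateKey
}

func NewServer() (*Server, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Server{IdentityPub: pub, identityPriv: priv}, nil
}

// ServerResponse: the server's one-time X25519 public key plus a signature over
// both ephemeral keys, tying this reply to this particular client hello.
type ServerResponse struct{ EphPub, Sig []byte }

// Respond answers a client hello. The ephemeral private key exists only inside this
// call, so once it returns nothing on the server can recompute the shared secret.
func (s *Server) Respond(clientEphPub []byte) (ServerResponse, []byte, error) {
	clientPub, err := ecdh.X25519().NewPublicKey(clientEphPub)
	if err != nil {
		return ServerResponse{}, nil, err
	}
	ephPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return ServerResponse{}, nil, err
	}
	shared, err := ephPriv.ECDH(clientPub)
	if err != nil {
		return ServerResponse{}, nil, err
	}
	ephPub := ephPriv.PublicKey().Bytes()
	transcript := append(append([]byte{}, clientEphPub...), ephPub...)
	resp := ServerResponse{EphPub: ephPub, Sig: ed25519.Sign(s.identityPriv, transcript)}
	return resp, deriveKey(shared, transcript), nil
}

// Client holds its one-time key pair and the server's pinned identity key (in a
// real deployment that key is taken from the server's certificate).
type Client struct {
	ephPriv   *ecdh.PrivateKey
	serverPub ed25519.PublicKey
}

func NewClient(serverPub ed25519.PublicKey) (*Client, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Client{ephPriv: priv, serverPub: serverPub}, nil
}

// Hello is the client's opening message: its ephemeral public key.
func (c *Client) Hello() []byte { return c.ephPriv.PublicKey().Bytes() }

// Finish authenticates the server, then derives the same session key it did.
func (c *Client) Finish(r ServerResponse) ([]byte, error) {
	transcript := append(append([]byte{}, c.Hello()...), r.EphPub...)
	if !ed25519.Verify(c.serverPub, transcript, r.Sig) {
		return nil, errors.New("server authentication failed: signature does not verify")
	}
	serverEph, err := ecdh.X25519().NewPublicKey(r.EphPub)
	if err != nil {
		return nil, err
	}
	shared, err := c.ephPriv.ECDH(serverEph)
	if err != nil {
		return nil, err
	}
	return deriveKey(shared, transcript), nil
}

// Handshake runs one complete exchange and returns the client's and server's keys.
func Handshake(s *Server) ([]byte, []byte, error) {
	c, err := NewClient(s.IdentityPub)
	if err != nil {
		return nil, nil, err
	}
	resp, serverKey, err := s.Respond(c.Hello())
	if err != nil {
		return nil, nil, err
	}
	clientKey, err := c.Finish(resp)
	return clientKey, serverKey, err
}
```

Two properties of the text are visible in the code: the identity key appears only in ed25519.Sign and ed25519.Verify, never near the session key, and the server's ephemeral private key is a local inside Respond that no longer exists once the call returns, so a later theft of identityPriv gives an attacker nothing to decrypt past traffic with. An impostor who substitutes its own ephemeral key, or tampers with the signature, fails the Verify check in Finish before any key is derived.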

 

How Is The Protected Data Packaged?

 

When you connect to your VPN, each request your device makes, such as a visit to a website, is placed in a locked box: the whole packet, including the address of the site you want to reach, is encrypted with AES. Anyone without the key sees only the box, not what is inside it.

Then the encapsulation process starts. The encrypted packet is wrapped in a new outer layer with its own label, the destination address. That label is not the final destination, the website you want to visit, but the address of the VPN server.

The locked box, addressed to the VPN server, is then sent across the Internet. Anybody outside the tunnel, including your ISP and other network observers, sees only that your device is exchanging packets of a certain size with the VPN server. They can see neither the content of the box nor the true final destination. At the far end the VPN server removes the outer layer, decrypts the inner packet and forwards it to the real destination, which in turn sees the VPN server's address rather than yours.
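An added Go example of the packaging step, written for this page rather than taken from the article or from any VPN software: a constructed inner packet (the VPN-assigned client address talking to a web server) is sealed with AES-GCM and wrapped in an outer packet addressed to the VPN server. Observe shows what an on-path observer such as the ISP gets from the outer packet, and Decapsulate shows what the server recovers. The Packet type is a deliberately minimal stand-in for real IP headers, and the addresses are documentation ranges chosen for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"net/netip"
)

// Packet is a deliberately minimal stand-in for an IP packet.
type Packet struct {
	Src, Dst netip.Addr
	Payload  []byte
}

// MakePacket builds a Packet from dotted-quad strings (demo helper, panics on bad input).
func MakePacket(src, dst, payload string) Packet {
	return Packet{Src: netip.MustParseAddr(src), Dst: netip.MustParseAddr(dst), Payload: []byte(payload)}
}

// marshal lays an inner packet out as 4-byte src || 4-byte dst || payload (IPv4 only).
func marshal(p Packet) ([]byte, error) {
	if !p.Src.Is4() || !p.Dst.Is4() {
		return nil, errors.New("IPv4 addresses only in this example")
	}
	s, d := p.Src.As4(), p.Dst.As4()
	out := append(append(make([]byte, 0, 8+len(p.Payload)), s[:]...), d[:]...)
	return append(out, p.Payload...), nil
}

func unmarshal(b []byte) (Packet, error) {
	if len(b) < 8 {
		return Packet{}, errors.New("inner packet too short")
	}
	var s, d [4]byte
	copy(s[:], b[0:4])
	copy(d[:], b[4:8])
	return Packet{Src: netip.AddrFrom4(s), Dst: netip.AddrFrom4(d), Payload: append([]byte(nil), b[8:]...)}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encapsulate is the client side: the whole inner packet, addresses included, is
// sealed with AES-GCM and wrapped in an outer packet addressed to the VPN server.
// The outer addresses are parsed with MustParseAddr for brevity (demo only).
func Encapsulate(key []byte, clientIP, serverIP string, inner Packet) (Packet, error) {
	plain, err := marshal(inner)
	if err != nil {
		return Packet{}, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return Packet{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Packet{}, err
	}
	outer := Packet{Src: netip.MustParseAddr(clientIP), Dst: netip.MustParseAddr(serverIP)}
	outer.Payload = gcm.Seal(nonce, nonce, plain, nil)
	return outer, nil
}

// Decapsulate is the VPN server side: strip the outer header, verify and decrypt,
// and recover the inner packet that will be forwarded to its real destination.
func Decapsulate(key []byte, outer Packet) (Packet, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Packet{}, err
	}
	ns := gcm.NonceSize()
	if len(outer.Payload) < ns+gcm.Overhead() {
		return Packet{}, errors.New("outer payload too short")
	}
	plain, err := gcm.Open(nil, outer.Payload[:ns], outer.Payload[ns:], nil)
	if err != nil {
		return Packet{}, err
	}
	return unmarshal(plain)
}

// Observe is all an on-path observer such as the ISP gets from the outer packet:
// the two endpoints and the size. Inner addresses and content stay inside the box.
func Observe(outer Packet) (src, dst string, size int) {
	return outer.Src.String(), outer.Dst.String(), len(outer.Payload)
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Constructed sample: the VPN-assigned client address talks to a web server.
	inner := MakePacket("10.8.0.2", "203.0.113.5", "GET / HTTP/1.1")
	outer, err := Encapsulate(key, "198.51.100.7", "192.0.2.10", inner)
	if err != nil {
		panic(err)
	}
	src, dst, size := Observe(outer)
	fmt.Printf("ISP sees: %s -> %s, %d bytes of opaque payload\n", src, dst, size)
	back, err := Decapsulate(key, outer)
	fmt.Printf("VPN server recovers: %s -> %s %q (err=%v)\n", back.Src, back.Dst, back.Payload, err)
}
```

Note what the observer does get: the outer source and destination and the payload length, which is exactly the inner packet plus 28 bytes of nonce and tag. Packet sizes and timing are not hidden by the tunnel, which is why traffic analysis remains possible even when content and true destination are not readable.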